iSeries agent is unable to return data to port 1636 (NETIQKB72930)

  • 7772930
  • 08-Apr-2011
  • 16-May-2011

Environment

Security Manager 6.x

iSeries

Situation

Error on the iSeries agent box:

PSESNDLOG ERROR: Unable to send results. Unable to re-connect to VigilEnt using 10.22.68.136 on Port 1636

logmanager.log on the Central Computer (CC):

2011-02-07 10:40:24,132 ERROR [mk-4] [StreamToReport] socket io error - changing report SerialID=11775492 to an error report
2011-02-07 10:40:24,132 ERROR [mk-4] Exception occured
java.net.SocketException: Socket Closed
at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:177)
at java.net.Socket.setSoTimeout(Socket.java:924)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(DashoA6275)
at com.pentasafe.mkx.net.ssl.VsslSocket.setSoTimeout(VsslSocket.java:118)
at com.pentasafe.mk.select.SocketProcess.doProcess(DashoA8189)
at com.pentasafe.mk.select.SocketProcess.doRun(DashoA8189)
at com.pentasafe.mk.select.SocketProcess.run(DashoA8189)
at com.pentasafe.mk.threads.WorkerThread.run(DashoA8189)
2011-02-07 10:40:24,194 ERROR [mk-2] [StreamToReport] socket io error - changing report SerialID=11775495 to an error report
2011-02-07 10:40:24,210 ERROR [mk-2] Exception occured
java.net.SocketException: Socket Closed
at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:177)
at java.net.Socket.setSoTimeout(Socket.java:924)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(DashoA6275)
at com.pentasafe.mkx.net.ssl.VsslSocket.setSoTimeout(VsslSocket.java:118)
at com.pentasafe.mk.select.SocketProcess.doProcess(DashoA8189)
at com.pentasafe.mk.select.SocketProcess.doRun(DashoA8189)
at com.pentasafe.mk.select.SocketProcess.run(DashoA8189)
at com.pentasafe.mk.threads.WorkerThread.run(DashoA8189)
2011-02-07 10:43:01,112 ERROR [mk-14] Exception occured
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:168)
at com.sun.net.ssl.internal.ssl.InputRecord.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at com.pentasafe.mk.net.VssInputStream.e(Da

Resolution

1. On the Central computer in question, open C:\program files\netiq security manager\onepoint\mk.options

2. Add the following line to the mk.options file:
server/hostaddress=10.22.132.XX
where XX is the last segment of the IP address of the Central Computer [Server To Server interface].

Note: this must be done on every Central computer that is receiving data from iSeries boxes.

Cause

This is a dual-interface routing problem.

Example:

The Central Computer has two network cards:
10.22.68.XX [Client to Server interface] C2S
10.22.132.XX [Server to Server interface] S2S


The iSeries computer has two network cards:
10.20.218.YY [Server to Server interface] S2S
10.0.1.YY [Client to Server interface] C2S


When a Central Computer communicates with the iSeries computer, it sends the requests over the C2S interface on the Central Computer to the S2S interface on the iSeries box, e.g. 10.22.68.XX --> 10.20.218.YY


When the iSeries computer sends back the reply, it does so over the same interface, which means it tries to communicate with the C2S interface on the Central Computer, e.g. 10.20.218.YY --> 10.22.68.XX

Port 1636 will not be available on this interface.
The fix is described in detail in the Resolution section. In short, add the following line to mk.options:
server/hostaddress=10.22.132.XX
where XX is the last segment of the IP address of the CC [Server To Server interface].
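
The following diagnostic is an added example, not NetIQ code: it takes the agent error quoted above and a `netstat -an` listing from the Central Computer, and reports whether port 1636 has a listener on the address the agent is replying to. The netstat excerpt and the 10.22.132.136 and 10.20.218.7 addresses are constructed sample data, and the Windows netstat column layout is assumed.

```python
import re

# Agent-side error text as quoted in the Situation section of this article.
AGENT_ERROR = ("PSESNDLOG ERROR: Unable to send results. Unable to re-connect "
               "to VigilEnt using 10.22.68.136 on Port 1636")

# Constructed `netstat -an` excerpt from a Central Computer (sample data).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.22.132.136:1636     0.0.0.0:0              LISTENING
  TCP    10.22.68.136:3389      0.0.0.0:0              LISTENING
  TCP    10.22.68.136:49210     10.20.218.7:50000      ESTABLISHED
"""

def agent_target(error_text):
    """Return (ip, port) the agent tried to reach, or None if the text does not match."""
    m = re.search(r"using\s+(\d{1,3}(?:\.\d{1,3}){3})\s+on\s+Port\s+(\d+)",
                  error_text, re.I)
    return (m.group(1), int(m.group(2))) if m else None

def listeners(netstat_text, port):
    """Return the set of local addresses that have a TCP listener on `port`."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0].upper() != "TCP" or f[-1].upper() != "LISTENING":
            continue  # header, UDP, or a connection that is not a listener
        addr, _, lport = f[1].rpartition(":")
        if lport.isdigit() and int(lport) == port:
            found.add(addr)
    return found

def diagnose(error_text, netstat_text):
    """Classify whether the address the agent replies to actually has a listener."""
    target = agent_target(error_text)
    if target is None:
        return "no-target"
    ip, port = target
    bound = listeners(netstat_text, port)
    if not bound:
        return "not-listening"
    if ip in bound or "0.0.0.0" in bound:
        return "reachable-binding"
    return "wrong-interface"  # listener exists, but only on another interface

if __name__ == "__main__":
    print(agent_target(AGENT_ERROR), listeners(NETSTAT_SAMPLE, 1636))
    print(diagnose(AGENT_ERROR, NETSTAT_SAMPLE))
```

A result of "wrong-interface" matches the cause described here: the agent is replying to the C2S address while port 1636 is only listening on the S2S address.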

Additional Information

Formerly known as NETIQKB72930